ECS Tech Inc

All candidates must meet the following criteria: must be a US citizen (no dual citizenship); must be able to secure a Public Trust clearance; must be able to work across multiple programs in the Federal and DOD space. The core values that ECS looks for in an engagement manager include teamwork, respect, accountability, integrity, and leadership.

Senior SOC Analyst

Location

United States

Posted

3 days ago

Salary

0

Seniority

Senior

Job Description

Senior SOC Analyst

ECS Tech Inc

Role Description

The Senior SOC Analyst is responsible for advanced security monitoring, investigation, and incident response activities within the Everforth Security Operations Center (SOC). This role serves as a senior technical resource within the analyst team, responsible for leading complex investigations, mentoring junior analysts, and ensuring high-quality incident analysis across enterprise environments. The Senior SOC Analyst plays a critical role in identifying sophisticated threats, escalating security incidents, and improving SOC investigative capabilities. This role reports to the SOC Manager and works closely with the Security Engineering team, enterprise IT operations teams, and the Everforth Commercial MSSP to ensure effective monitoring, investigation, and response across the enterprise.

Responsibilities

- Advanced Threat Investigation: Conduct in-depth analysis of complex security alerts, anomalies, and potential threat activity across enterprise environments.
- Incident Response Support: Lead investigation and response activities for confirmed or suspected cybersecurity incidents affecting enterprise systems.
- Alert Triage and Escalation: Perform detailed triage of security alerts and escalate validated incidents according to established procedures.
- Investigation Leadership: Serve as the lead analyst during significant investigations, coordinating investigative efforts and guiding response activities.
- Threat Analysis: Analyze indicators of compromise, attacker behavior, and malicious artifacts to determine the scope and impact of security incidents.
- Detection Engineering: Develop and refine detection logic, analytics, and monitoring use cases based on investigative findings and threat intelligence.
- Threat Hunting: Conduct proactive threat hunting activities to identify adversary behavior not detected through automated alerts.
- MSSP Escalation Handling: Review and validate alerts and escalations originating from the MSSP after-hours monitoring team.
- Investigation Documentation: Ensure thorough documentation of investigations, findings, and response actions within the SOC case management platform.
- Operational Quality Assurance: Support the SOC Manager in maintaining investigation quality and adherence to SOC playbooks and procedures.
- Operational Effectiveness: Lead the design and implementation of SOC process improvements through automation, AI-driven solutions, workflow optimization, and continuous enhancement of detection and response capabilities.
- Operational Collaboration: Work closely with IT operations, infrastructure teams, and security engineering to support investigation and remediation activities.
- Knowledge Sharing: Mentor junior SOC analysts and provide guidance on investigative techniques, threat analysis, and incident handling procedures.
- Situational Awareness: Maintain awareness of emerging threats, attacker tactics, techniques, and procedures relevant to enterprise environments.
- Playbook Execution: Execute established SOC investigation playbooks and contribute to the refinement of operational procedures.
- On-Call Support: Participate in on-call support to assist with security incident response, operational issues, and investigation activities to maintain continuous SOC coverage and response capability.

Qualifications

- Experience: Minimum of 5 years of cybersecurity experience, with at least 3 years in a Security Operations Center or incident response role.
- Security Investigation Expertise: Strong experience investigating security alerts, analyzing suspicious activity, and determining the scope and impact of security incidents.
- Incident Response Experience: Hands-on experience supporting incident response investigations, including containment, eradication, and recovery coordination.
- Security Technology Experience: Experience working with enterprise security tools such as SIEM platforms, EDR platforms, and log analysis systems.
- Threat Analysis Skills: Ability to analyze indicators of compromise, attacker behaviors, and adversary techniques during investigations.
- Log Analysis Expertise: Strong experience reviewing and interpreting system logs, endpoint telemetry, network events, and authentication activity.
- Detection Engineering Experience: Experience developing or tuning detection rules, analytics, or monitoring logic used to identify malicious activity.
- Security Framework Knowledge: Familiarity with cybersecurity frameworks such as the NIST Cybersecurity Framework or CIS Critical Security Controls.
- Investigation Documentation: Experience documenting investigations, incidents, and response actions within case management platforms.

Requirements

- Able and willing to obtain a US Security Clearance.
- This role may require occasional on-call support during off-hours to respond to security incidents.

Related Job Pages

More Security Analyst Jobs


Information Security Analyst – 1-Year Contract

Numeris

Canada's most trusted and authoritative source for broadcast measurement and consumer behavior data.

Contract | Remote | Team 201-500 | H1B No Sponsor

• Monitoring Security Systems: Continuously monitor various security systems, including firewalls, intrusion detection systems, antivirus software, and others, to promptly detect and respond to any security incidents.
• Security Incident Response: Take the lead in investigating security breaches and incidents, pinpointing their root causes, and developing strategies to prevent similar occurrences in the future. Collaborate closely with IT and business teams to ensure coordinated and effective response efforts.
• Vulnerability Management: Identify and assess vulnerabilities present in systems and networks, collaborating with technical teams to mitigate risks through patch management and configuration changes. Thoroughly document findings and facilitate clear communication across teams to promptly address security weaknesses.
• Security Policy Enforcement: Ensure the enforcement of robust security controls, policies, and procedures throughout the organization, guaranteeing compliance with relevant regulations, standards, and best practices.
• Security Awareness Training: Support and contribute to security awareness initiatives and trainings aimed at educating employees on the best practices for maintaining information security, fostering a culture of security consciousness within the organization.
• Security Risk and Vendor Assessments: Conduct comprehensive assessments of security risks and evaluate third-party vendor security measures to gauge the effectiveness of existing security controls and identify areas for enhancement.
• Security Tool Evaluation: Assess and evaluate the suitability of new security tools and technologies to bolster the organization's overall security posture, ensuring that chosen solutions align with the organization's security objectives and requirements.
• Lead end-to-end incident response activities, including detection, triage, containment, eradication, and post-incident analysis.

Canada
$85K - $90K / year
Full Time | Remote | Team 51-200 | Since 2011 | H1B No Sponsor

• Own and implement data protection controls for AI platforms and SaaS applications
• Design and enforce DLP policies across AI prompts, outputs, file uploads, and APIs
• Identify and mitigate AI-specific risks including prompt injection, data exfiltration, and shadow AI usage
• Build and operationalize guardrails such as data masking, prompt filtering, and response inspection
• Analyze and map data flows across AI tools to identify control points and enforce protections
• Secure integrations between AI tools and enterprise systems (APIs, plugins, third-party apps)
• Monitor AI usage and integrate signals into SIEM, DLP, and CASB platforms
• Investigate and respond to AI-related security incidents and data leakage events
• Partner with engineering to embed security controls into AI pipelines and workflows
• Support AI governance by enforcing policies and enabling secure AI adoption

United States
$45K - $100K / year
Full Time | Remote | Team 5,001-10,000 | H1B No Sponsor

Role Description

We are looking for a System & Security Analyst profile with the following experience:

- Experience in operational resilience and compliance with regulatory requirements such as DORA and GDPR in financial or regulated environments.
- Experience in vulnerability management and in the use of static security analysis across the development lifecycle, with explicit reference to the use of GitHub SAST / GitHub Advanced Security.
- Experience in secure development (Secure SDLC) and application of OWASP guidelines for secure development on .NET Core technologies.
- Experience in secrets management and secure handling of credentials in pipelines, using corporate tools and with reference to Terraform and cloud secrets services.
- Experience in auditing and continuous improvement, maintaining process documentation and activity records available for internal or external audits.
- Experience in initial assessment of technical and transition risks, including AS-IS diagnosis, transition risk matrix and knowledge gap analysis.
- Knowledge of AWS cloud environments and their security, resilience and governance implications, including services such as EC2, S3, RDS and controlled deployments with Terraform.
- Knowledge of Windows Server 2019 and Linux operating systems approved for containers, plus base software such as IIS 10, .NET Framework / .NET Core.
- Knowledge of the client's corporate tools such as JIRA Service Management, JIRA Software, Confluence, Xray, as well as observability and monitoring with Nagios, Control-M, Grafana and Splunk.
- Knowledge of service continuity, DRP drills, RTO/RPO validation and operational resilience reporting.

Qualifications

- Analytical and risk assessment capability, especially in transition phases, initial technical audits and control of security exposure.
- Compliance and governance orientation, ensuring alignment with operational controls, corporate security and client standards.
- Operational resilience vision, combining security, continuity, recovery and stability of the Back Office service.
- Documentation and traceability capability, producing evidence, technical reports, risk matrices and architecture/process documentation.
- Cross-functional technical communication, liaising with development, operations, security and architecture teams and with the Group's international leads.
- DevSecOps mindset, integrating security within the development lifecycle rather than as an isolated activity at the end of the process.

Requirements

- Experience in asset security and access control in critical environments, applying the principle of Least Privilege and named access control to production.
- Experience in operational resilience and compliance with regulatory requirements such as DORA and GDPR in financial or regulated environments.
- Experience in vulnerability management and in the use of static security analysis across the development lifecycle, with explicit reference to the use of GitHub SAST / GitHub Advanced Security.
- Experience in secure development (Secure SDLC) and application of OWASP guidelines for secure development on .NET Core technologies.
- Experience in secrets management and secure handling of credentials in pipelines, using corporate tools and with reference to Terraform and cloud secrets services.
- Experience in auditing and continuous improvement, maintaining process documentation and activity records available for internal or external audits.
- Experience in initial assessment of technical and transition risks, including AS-IS diagnosis, transition risk matrix and knowledge gap analysis.
- Knowledge of AWS cloud environments and their security, resilience and governance implications, including services such as EC2, S3, RDS and controlled deployments with Terraform.
- Knowledge of Windows Server 2019 and Linux operating systems approved for containers, plus base software such as IIS 10, .NET Framework / .NET Core.
- Knowledge of the client's corporate tools such as JIRA Service Management, JIRA Software, Confluence, Xray, as well as observability and monitoring with Nagios, Control-M, Grafana and Splunk.
- Knowledge of service continuity, DRP drills, RTO/RPO validation and operational resilience reporting.

Benefits

- The work arrangement is 100% remote.

Spain

Senior Cyber Threat Intelligence & Forensics Analyst

CallTek

Your White Label Enterprise Support Company.

Full Time | Remote | Team 5,001-10,000 | Since 2008 | H1B No Sponsor

Role Description

- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Experience: 5+ years in a dedicated SOC, IR, or Intel role (ideally within a CSIRT or MSSP).
- The Toolkit: Mastery of tools like Splunk/ELK, CrowdStrike/SentinelOne/VisionOne, Magnet AXIOM/FTK/EnCase/Autopsy, Sandbox, Volatility, and Wireshark.
- Programming: Ability to script in Python or PowerShell to automate repetitive tasks or parse forensic artifacts.
- Certifications: We value skills over paper, but GIAC (GCIH, GCFA, GCTI), CFE, CTIA or CHFI are highly preferred.
- Familiarity with incident response processes and frameworks.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent verbal and written communication skills to present complex technical information clearly.

Qualifications

- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- 5+ years in a dedicated SOC, IR, or Intel role (ideally within a CSIRT or MSSP).
- Mastery of tools like Splunk/ELK, CrowdStrike/SentinelOne/VisionOne, Magnet AXIOM/FTK/EnCase/Autopsy, Sandbox, Volatility, and Wireshark.
- Ability to script in Python or PowerShell.
- GIAC (GCIH, GCFA, GCTI), CFE, CTIA or CHFI certifications preferred.
- Familiarity with incident response processes and frameworks.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills.

Requirements

- 5+ years in a dedicated SOC, IR, or Intel role.
- Mastery of specified tools.
- Ability to script in Python or PowerShell.
- Preferred certifications.
- Familiarity with incident response processes.
- Strong analytical skills.
- Excellent communication skills.

Company Description

Philippines